
touch-packages team mailing list archive

[Bug 784255] Re: Maverick heimdal packages have broken allow_weak_crypto implementation

 

Maverick has long since stopped receiving any updates. Marking the
Maverick task for this ticket as "Won't Fix".

** Changed in: heimdal (Ubuntu Maverick)
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to heimdal in Ubuntu.
https://bugs.launchpad.net/bugs/784255

Title:
  Maverick heimdal packages have broken allow_weak_crypto implementation

Status in “heimdal” package in Ubuntu:
  Fix Released
Status in “heimdal” source package in Maverick:
  Won't Fix

Bug description:
  The allow_weak_crypto krb5.conf option was added to Heimdal during the
  1.2 release, but was implemented incorrectly.  The check for desired
  enctypes was performed before the check to see if allow_weak_crypto is
  true.

  This has the unfortunate effect of resulting in a completely empty
  enctypes list if the configured list of desired enctypes contains only
  enctypes classified as "weak", since the "weak" enctypes are not valid
  choices (and are thus kicked out of contention) until after the
  filtering of the desired enctypes list is performed.

  This feature was implemented during the 1.2 release of Heimdal, on 2008-08-17:
  https://github.com/heimdal/heimdal/commit/aa3cf9664515246bb8a9674ef270ba9433e0f25c

  And the logic was corrected to the proper behavior after the release of 1.4, on 2010-10-02:
  https://github.com/heimdal/heimdal/commit/799956e9b7ebdeecd2df202638f7656a25664ed9

  - Lucid provides Heimdal packages from the 1.2 branch (1.2.e1.dfsg.1-1ubuntu1) but they do not contain any implementation of allow_weak_crypto.
  - Maverick provides Heimdal packages from the 1.4 branch (1.4.0~git20100605.dfsg.1-2) that contain the mis-implemented version of the feature.
  - Natty provides Heimdal packages from the 1.4 branch (1.4.0+git20110124) that contain the corrected version of the feature.

  In addition to being fixed upstream and released in Natty, a new
  enough version has also been released in Debian Experimental
  (1.4.0+git20110411.dfsg.1-1).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/heimdal/+bug/784255/+subscriptions
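
The ordering problem described in the bug report, shown as an added example that is not part of the original report and is not Heimdal's source code. It is a simplified C model: the enctype table, the weak flags and every function name are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Constructed model, not Heimdal's code: weak enctypes start out invalid. */
struct enctype { const char *name; int weak; int valid; };
#define NTYPES 3
static const struct enctype INITIAL[NTYPES] = {
    { "aes256-cts-hmac-sha1-96", 0, 1 },
    { "des-cbc-crc", 1, 0 },
    { "des-cbc-md5", 1, 0 },
};

/* Apply allow_weak_crypto: weak enctypes become valid choices when set. */
static void apply_allow_weak(struct enctype *t, int allow) {
    for (int i = 0; i < NTYPES; i++)
        if (t[i].weak) t[i].valid = allow;
}

/* Count the desired enctypes that are valid at the moment of the call. */
static int filter_desired(const struct enctype *t, const char **want, int n) {
    int kept = 0;
    for (int i = 0; i < n; i++)
        for (int j = 0; j < NTYPES; j++)
            if (t[j].valid && strcmp(want[i], t[j].name) == 0) kept++;
    return kept;
}

/* Order described in the bug report: filter first, allow weak afterwards. */
int filter_then_allow(const char **want, int n, int allow) {
    struct enctype t[NTYPES];
    memcpy(t, INITIAL, sizeof t);
    int kept = filter_desired(t, want, n);
    apply_allow_weak(t, allow);   /* too late: the list is already built */
    return kept;
}

/* Corrected order: apply allow_weak_crypto first, then filter. */
int allow_then_filter(const char **want, int n, int allow) {
    struct enctype t[NTYPES];
    memcpy(t, INITIAL, sizeof t);
    apply_allow_weak(t, allow);
    return filter_desired(t, want, n);
}

int main(void) {
    const char *weak_only[] = { "des-cbc-crc", "des-cbc-md5" };
    printf("filter then allow: %d\n", filter_then_allow(weak_only, 2, 1));
    printf("allow then filter: %d\n", allow_then_filter(weak_only, 2, 1));
    return 0;
}
```

With a weak-only desired list and allow_weak_crypto set, the first ordering yields an empty list while the second keeps both entries.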